Latest Bagle succeeds by sheer numbers

Unknown online vandals with an apparent connection to spam e-mail have created a new version of the Bagle computer worm that has spread somewhat successfully in the past 24 hours, antivirus companies said Thursday.

The mass-mailing computer virus, dubbed Bagle.AF or Beagle.AB by different security firms, opens a path for intruders to relay bulk e-mail messages through the infected computer and attempts to contact one of almost 150 compromised German Web sites to let the attackers know of their latest conquest.

"It certainly is successful," said Oliver Friedrichs, senior manager for antivirus firm Symantec's security response center. "It is definitely comparable to threats that we saw earlier this year such as MyDoom."

Symantec raised the virus to a threat rating of three on its five-point scale, while rival antivirus firm McAfee--formerly Network Associates--gave the program a medium danger rating.

Bagle.AF arrives in e-mail as an attached file and infects computers running the Windows operating system if the user opens the file. The program attempts to halt more than 250 security applications from running on the computer, mails itself to any e-mail address it can find on the computer, and contacts one of 141 German Web sites, twice the number that a previous version of the virus contacted. The diverse Web sites have likely been compromised by online vandals, leaving behind software to record which computers have been infected by the Bagle worm.

With that information, the vandals can use the compromised computers to spread spam, or sell the information to spammers, Friedrichs said. The virus leaves open a backdoor specifically for that purpose.

Increasingly, computer viruses are used to spread software that surreptitiously converts computers to an attacker's purpose. Such "bot" software can be used by spammers and more dangerous online denizens to disrupt access to Web sites or collect personal financial information.

And while the latest Bagle worm uses an old method of spreading itself, it's still effective. Symantec has had almost 175 reports of infections, Friedrichs said.

"I think what we are seeing is that these threats will continue to be successful because people are continuing to trust attachments and continuing to click on them," he said. "Really, the human factor is the weakest link that is allowing these worms to be so successful."